Insecure Deserialization happens when an application receives untrusted data and deserializes it without properly validating or securing it. Serialization is the process of converting data (like objects) into a format that can be stored or transmitted (like JSON, XML, or binary). Deserialization is the reverse — turning that data back into usable objects.
If the incoming serialized data is tampered with by an attacker and the application blindly trusts it, the attacker can inject malicious objects or data. This could lead to serious attacks like:
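As an added illustration (not part of the podcast or its episode notes), the Python snippet below contrasts the blind trust the description warns about with a deserializer that only resolves an allowlisted class; the `Session` class, the allowlist and the sample blobs are constructed for this example.

```python
import datetime
import io
import pickle


# Constructed example: a plain data class the application legitimately exchanges.
class Session:
    def __init__(self, user: str, role: str):
        self.user = user
        self.role = role


# Allowlist of (module, name) pairs the unpickler may resolve; anything else is refused.
# Resolved via Session.__module__ so the entry is correct however this file is imported.
ALLOWED_GLOBALS = {(Session.__module__, "Session")}


class RestrictedUnpickler(pickle.Unpickler):
    """find_class() is called for every global the pickle stream names;
    refusing unknown ones stops the stream from instantiating arbitrary classes."""

    def find_class(self, module: str, name: str):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def unsafe_load(blob: bytes):
    """The pattern the description describes: whatever class the bytes name gets built."""
    return pickle.loads(blob)


def safe_load(blob: bytes):
    """Deserialize with the allowlist enforced; raises UnpicklingError on anything else."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def accepts(blob: bytes) -> bool:
    """True if the restricted loader accepts the blob, False if it is rejected."""
    try:
        safe_load(blob)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample inputs: a legitimate session, and a harmless blob that names a class
# outside the allowlist (a stand-in for data an attacker could have altered in transit).
def legit_blob() -> bytes:
    return pickle.dumps(Session("alice", "viewer"))


def untrusted_blob() -> bytes:
    return pickle.dumps(datetime.date(2024, 1, 1))
```

The allowlist is a mitigation of last resort for code that must keep using native serialization; a data-only format such as JSON validated against a schema removes the class-resolution step entirely.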